Chat now with support
Chat with Support

Identity Manager 8.2.1 - Attestation Administration Guide

Attestation and recertification
One Identity Manager users for attestation Attestation base data Attestation policies Sample attestation Custom mail templates for notifications Suspending attestation
Approval processes for attestation cases
Approval policies for attestations Approval workflow for attestations Selecting attestors Setting up multi-factor authentication for attestation Prevent attestation by employee awaiting attestation Attestation by peer group analysis Managing attestation cases
Attestation sequence Default attestation and withdrawal of entitlements User attestation and recertification Mitigating controls Setting up attestation in a separate database Configuration parameters for attestation

Specifying risk indexes for attestation guidelines

You can use One Identity Manager to evaluate the risk of attestation cases. To do this, enter a risk index for the attestation policy. The risk index specifies the risk involved for the company in connection with the data to be attested. The risk index is given as a number in the range 0 .. 1. By doing this you specify whether data to be attested is considered not to be a risk (risk index = 0) or whether every denied attestation poses a problem (risk index = 1).

The risk that attestations will be denied approval can be reduced by using the appropriate mitigating controls. Enter these controls as mitigating controls in One Identity Manager. You reduce the risk by the value entered as the significance reduction on the mitigating control. This value is used to calculate the reduced risk index for the attestation policy.

You can create several reports with the Report Editor to evaluate attestation cases depending on the risk index. For more information, see the One Identity Manager Configuration Guide.

Risk assessments can be carried out when the QER | CalculateRiskIndex configuration parameter is enabled. For more information, see the One Identity Manager Risk Assessment Administration Guide.

Detailed information about this topic

Default attestation policies

One Identity Manager provides default attestation policies for default attestation of new users and recertification of all employees stored in the One Identity Manager database. In addition to this, default attestation policies are provided through which various roles, memberships in roles, user accounts, and system entitlements mapped in the Unified Namespace can be attested.

To display default attestation policies

  • In the Manager, select the Attestation > Attestation policies > Predefined category.

You can customize the following properties for default attestation policies:

  • Approval policies (if several approval policies can be assigned)

  • Owner

  • Processing time

  • Risk index

  • Calculation schedule

  • Deactivated

  • Close obsolete tasks automatically

  • Obsolete tasks limit

  • Reason for decision

  • Condition

  • Approval by multi-factor authentication

NOTE: You can edit attestation policies, whose condition is stored as a definition (XML), in the Web Portal. The definition (XML) cannot be edited in the Manager. For more information, see the One Identity Manager Web Designer Web Portal User Guide.

Additional tasks for attestation policies

After you have entered the main data, you can run the following tasks.

The attestation policy overview

You can see the most important information about an attestation policy on the overview form.

To obtain an overview of an attestation policy

  1. In the Manager, select the Attestation > Attestation policies category.

  2. Select the attestation policy in the result list.

  3. Select Attestation policy overview task.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating